Trending

ee-track">
Link copied!

CISA Vulnerability Advisories Reveal Complexity of ICS Products

Four critical vulnerabilities from one vendor came from third-party components, showing the complexity of ICS products.

February 20, 2025 · 4 min read
CISA Vulnerability Advisories Reveal Complexity of ICS Products

Overview

Cyble’s weekly industrial control system (ICS) vulnerability report to clients examined 122 ICS, operational technology (OT), and Supervisory Control and Data Acquisition (SCADA) vulnerabilities pulled from 22 recent advisories from the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

The 122 vulnerabilities affect products from seven vendors across nine critical sectors, ranging from energy and healthcare to wastewater systems, transportation, manufacturing, food and agriculture, chemicals, and commercial facilities. Nine of the vulnerabilities are rated critical.

One interesting aspect of the advisories is how many of the ICS vulnerabilities come from third-party components that weren’t made by the ICS vendor, revealing the complexity and vulnerability of these critical systems.

Four Critical Siemens Vulnerabilities

Siemens had the highest number of vulnerabilities in the CISA advisories, 100 in all, but only four were rated critical—and all of the critical vulnerabilities came from non-Siemens components.

Two of the critical vulnerabilities affect Siemens Opcenter Intelligence, a manufacturing intelligence platform used to improve manufacturing processes and stem from vulnerabilities in the Java OpenWire protocol marshaller (CVE-2023-46604, a 9.6-severity Deserialization of Untrusted Data vulnerability) and the Tableau Server Administration Agent’s internal file transfer service (CVE-2022-22128, a 9.0-rated Path Traversal vulnerability). Opcenter Intelligence versions prior to V2501 are affected.

CISA addressed those vulnerabilities in a February 13 advisory, noting that “Successful exploitation of these vulnerabilities could enable an attacker to execute remote code or allow a malicious site administrator to change passwords for users.”

report-ad-banner

The other two Siemens critical vulnerabilities were included in a second advisory on February 13 from CISA. The vulnerabilities affect multiple versions of SCALANCE W700, an industrial wireless communication solution designed for WLAN connectivity in automation and SCADA systems. Critical vulnerabilities in the advisory were CVE-2023-28578, a 9.3-severity memory corruption vulnerability in Qualcomm core services, and CVE-2023-45853, a 9.8-rated integer overflow and resultant heap-based buffer overflow vulnerability in MiniZip in zlib.

Successful exploitation of the vulnerabilities could allow an attacker to inject code, escalate privileges, execute arbitrary code, compromise system integrity, and cause a denial-of-service condition. Siemens urged users to upgrade to V3.0.0 or later.

Other ICS Vulnerabilities at Risk

Among other vulnerabilities in the Cyble report, CVE-2024-5410 and CVE-2024-5411 affect ORing IAP-420 WLAN access points, versions 2.01e and prior. The former allows critical cross-site scripting (XSS) attacks, and the latter enables high-severity command injection. Cyble noted that these vulnerabilities pose a critical risk, as a Proof of Concept for exploiting them is available in the public domain.

The Outback Power Mojave Inverter, a renewable energy solution for solar and battery systems, is vulnerable to multiple security issues, increasing the risk of exploitation due to its internet-facing nature, Cyble said. Issues include CVE-2025-26473 (exposing sensitive data via GET requests), CVE-2025-25281 (unauthorized access to sensitive information), and CVE-2025-24861 (command injection allowing remote code execution). Given the high likelihood of attacks, immediate mitigations like network segmentation, access controls, and firmware updates are crucial to securing these devices, Cyble said.

Recommendations for Mitigating ICS Vulnerabilities

Cyble recommends several important controls for mitigating ICS vulnerabilities and improving the overall security of ICS systems. These measures include:

  • Staying on top of security advisories and patch alerts issued by vendors and regulatory bodies like CISA. A risk-based approach to vulnerability management reduces the risk of exploitation.
  • Implementing a Zero-Trust Policy to minimize exposure and ensure that all internal and external network traffic is scrutinized and validated.
  • Developing a comprehensive patch management strategy that covers inventory management, patch assessment, testing, deployment, and verification. Automating these processes can help maintain consistency and improve efficiency.
  • Proper network segmentation can limit an attacker’s potential damage and prevent lateral movement across networks. This is particularly important for securing critical ICS assets, which should not be exposed to the Internet if possible and properly protected if remote access is essential.
  • Conducting regular vulnerability assessments and penetration testing to identify gaps in security that might be exploited by threat actors.
  • Establishing and maintaining an incident response plan and ensuring that it is tested and updated regularly to adapt to the latest threats.
  • All employees, especially those working with Operational Technology (OT) systems, should be required to undergo ongoing cybersecurity training programs. The training should focus on recognizing phishing attempts, following authentication procedures, and understanding the importance of cybersecurity practices in day-to-day operations.

Conclusion

These vulnerabilities reveal the complexity and hazards that medical and critical infrastructure system vulnerabilities can pose to patients, utilities, manufacturing, and other sensitive environments. ICS vendors and CISA have done well to identify and report these issues. Now users must do their part and ensure that these critical systems are patched and properly protected.

Regardless of the sector, staying on top of ICS vulnerabilities and applying good cybersecurity hygiene and controls can limit risk. This includes limiting internet exposure and properly protecting assets that must be accessed remotely.

To access the full report on ICS vulnerabilities observed by Cyble, along with additional insights and details, click here. By adopting a comprehensive, multi-layered security approach that includes effective vulnerability management, timely patching, and ongoing employee training, organizations can reduce their exposure to cyber threats. With the right tools and intelligence, such as those offered by Cyble, critical infrastructure can be better protected, ensuring its resilience and security in an increasingly complex cyber landscape.

AI Threat Intelligence

Stop Executive Threats
Before They Strike

Monitor dark web chatter, detect lookalike domains, and protect your C-suite from targeted impersonation — in real time, across 50+ countries.

Scroll to Top

Book your session

Request a Personalized Demo

See how Cyble's threat intelligence protects your organization. A specialist will reach out within one business day.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams

Download the brochure

Get the Cyble Vision Brochure

Explore how Cyble Vision delivers AI-powered threat intelligence across your attack surface. Fill in your details to access the brochure.

Select one or more options

Cyble protects your personal data to manage your account and deliver requested content. Submit your details to receive updates. Withdraw consent anytime. See our privacy policy for details.

Your information is encrypted and never shared.
SOC 2 Type II GDPR compliant Trusted by 1,000+ teams